Field of the Invention
The present invention relates to a data processing apparatus, an information processing apparatus, and a storage medium.
Description of the Related Art
In these days, there are generally known data processing apparatuses, each of which has various units housed in a single housing thereof, functioning as a printer, a copier, a facsimile, a scanner, etc. Such data processing apparatuses are called Multi Function Peripherals (MFPs). Such a data processing apparatus has a display, a printing, and/or an imaging section in a single housing as well as applications corresponding to a printer, a copier, a facsimile, and a scanner, respectively.
The data processing apparatus realizes a printer, a copier, a scanner, or a facsimile function while changing an application to be used.
The data processing apparatus includes a browser as a web client function and also a function of obtaining (or downloading) various contents from a remotely located web server.
Furthermore, there is known a method of implementing a user interface for operating a data processing apparatus in an external apparatus, such as a web server, to utilize the user interface by means of a browser of the data processing apparatus.
An instruction given from a browser of a conventional data processing apparatus via an external apparatus, such as a web server, using such a method is accepted by the data processing apparatus as a processing request (e.g., a web service request) from outside.
Some of such data processing apparatuses execute only processing requests (e.g., both information and a printing request) from legitimate web servers through exchange of information that identifies a web server (e.g., a host name), for example, between the data processing apparatus and the web server (see Japanese Laid-Open Patent Publication (Kokai) No. 2008-003834).
However, in the technique of Japanese Laid-Open Patent Publication (Kokai) No. 2008-003834, it is determined whether or not to execute a processing based on the information from the web server; accordingly, a processing request from the web server would be unfavorably accepted so long as the request is legitimate even if the request is not from a user who is operating the data processing apparatus.
By way of example, suppose that a malicious user accesses the above-mentioned web server and transmits a processing request from the web server to the data processing apparatus. In that case, the data processing apparatus unfavorably executes a processing not desired by the user who is operating the data processing apparatus based on the processing request from the web server. Specifically, if the data processing apparatus accepts a scan request made by a third party from the web server while the user makes settings for scanning, with a document put on the scanner of the data processing apparatus, reading of the document that is not ordered by the user may be started.
Such a situation can occur even for a legitimate user who is authorized to utilize the data processing apparatus and/or the web server besides a malicious user. For example, assume that a user other than the one who is operating the data processing apparatus accesses the above-mentioned web server and transmits a processing request from the web server to the data processing apparatus. Also in that case, processing not desired by the operating user may be carried out.